Secunia Research has discovered two vulnerabilities in UltraISO, which can be exploited by malicious people to potentially compromise a user’s system. A format string error when handling DAA file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. A format string error when handling ISZ file names can be exploited by tricking a user into opening a file with a specially crafted name containing format specifiers. Successful exploitation may allow execution of arbitrary code. UltraISO version 9.3.1.2633 is affected.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/76281/secunia-ultraisoname.txt
Source: https://packetstormsecurity.com/files/76281/Secunia-Research-UltraISO-Image-Name-Parsing.html